Many U.S. states have recently added provisions regarding “minors” that greatly exceed what is required under the Children’s Online Privacy Protection Act (COPPA). In short, the new laws generally apply to people under 18,...more
7/31/2025
/ Advertising ,
Compliance ,
Consumer Protection Laws ,
COPPA ,
Data Privacy ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Personal Information ,
State Attorneys General ,
State Privacy Laws ,
Websites
Employers are increasingly monitoring and filtering the web browsing habits of employees.
The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
7/28/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Security ,
Disclosure Requirements ,
Employee Rights ,
Employees ,
EU ,
Personal Data ,
Websites
Connecticut Attorney General William Tong recently announced his office’s first enforcement action for violations of the Connecticut Data Privacy Act. “This law has now been in effect for two years,” Tong said in a...more
7/11/2025
/ Attorney General ,
Compliance ,
Connecticut ,
Consumer Privacy Rights ,
Data Privacy ,
Disclosure Requirements ,
Enforcement Actions ,
Fines ,
Penalties ,
Privacy Laws ,
State Attorneys General ,
State Privacy Laws
New Jersey recently released draft privacy regulations, and there is a lot to unpack and process.
In this three-part series, I will break down the regulations -
Part 1: The New Personal data:
• Scraping is carved...more
6/27/2025
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
COPPA ,
Data Collection ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Data Retention ,
New Jersey ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Privacy Laws ,
Proposed Rules ,
State Privacy Laws
Vermont recently adopted the Vermont Age-Appropriate Design Code Act, which goes into effect on January 1, 2027. The law is enforceable by the Vermont Attorney General as an unfair or deceptive act or practice. The Attorney...more
6/18/2025
/ Algorithms ,
Biometric Information ,
Data Collection ,
Data Privacy ,
Data Sellers ,
Duty of Care ,
Minors ,
New Legislation ,
Online Safety for Children ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws ,
Transparency ,
Unfair or Deceptive Trade Practices ,
Vermont
Following the Federal Trade Commission’s decision in December 2023 to ban Rite Aid from using AI facial recognition, it has become crystal clear that U.S. regulators expect a risk assessment when a retailer uses facial...more
Businesses should expect to see “increased enforcement” from the California Privacy Protection Agency now that the agency has had four years to staff up and implement rules, the CPPA’s executive director said in an interview...more
6/9/2025
/ California ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Enforcement ,
Enforcement Actions ,
Enforcement Priorities ,
New Regulations ,
Personal Information ,
Privacy Laws ,
State Privacy Laws
Actual deception, substantial injury (including through AI), kids and teens, financial institutions and employees.
Those are the key enforcement priorities of the Federal Trade Commission when it comes to data privacy...more
The Commonwealth of Pennsylvania is re-joining the U.S. state privacy law race.
State Rep. Edward Neilson recently proposed H.B 78, which features all the normal trappings of a state privacy law with a very low...more
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
The office of the Oregon Attorney General recently releases a six-month enforcement report regarding the Oregon’s Consumer Privacy Act (OCPA). What are we discussing with our clients?...more
3/12/2025
/ Compliance ,
Consumer Privacy Rights ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Nonprofits ,
Oregon ,
Privacy Laws ,
Regulatory Requirements ,
State Privacy Laws
On the heels of the formation of the House Privacy Working Group, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman John Joyce, M.D. (PA-13), Vice Chairman of the House...more
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
2/18/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Hawaii ,
Information Security ,
Privacy Laws ,
Regulatory Requirements ,
Risk Management ,
State Privacy Laws
Federal Trade Commission Commissioner Melissa Holyoak spoke last week at a conference in Miami about “a new season at the FTC.”
What can we learn from Holyoak’s comments about the FTC’s plans for AI regulation and free...more
The European Commission recently issued a formula for identifying Artificial Intelligence Systems:
Machine-based system-
Designed to operate with varying levels of autonomy-
•Some degree of independence of actions from...more
2/10/2025
/ Algorithms ,
Artificial Intelligence ,
Automated Decision Systems (ADS) ,
Data Privacy ,
Data Protection ,
EU ,
European Commission ,
Machine Learning ,
Regulatory Agenda ,
Technology ,
Technology Sector
A new decision by the United Kingdom’s high court says that even if you have cookie and marketing consent mechanisms that are sufficient for valid consent under privacy laws for the general public, they may not be enough for...more
1/31/2025
/ Consent ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gambling ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
UK ,
UK GDPR
The old saying goes, “Don’t mess with Texas.” The same can be said of the Texas Privacy Act. The Texas Department of Information Resources recently issued an implementation status for the act....more
App permissions do not satisfy the requirements for valid consent for the purpose of GDPR because they lack sufficient detail and granularity, according to the Commission Nationale de l’Informatique et des Libertés (CNIL)....more
1/17/2025
/ CNIL ,
Compliance ,
Consent ,
Data Privacy ,
Data Protection ,
Data Security ,
EU ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws ,
Privacy Policy
Here are eight recent developments in privacy law you should consider as you get ready for the holidays. Don’t Lie on Your AI -
•The U.S. Federal Trade Commission recently issued a new enforcement action on AI...more
To paraphrase Animal Farm, all pixels are not created equal, but some pixels are more privacy invasive than others. Here are some recent points I made during a presentation to some of my firm’s litigators:...more
The California Privacy Protection Agency is going after data brokers.
The CPPA board voted earlier this month to adopt new regulations regarding data broker registration requirements. If approved, the regulations will...more
The Office of the Australian Information Commissioner recently issued practical guidance on how to deploy tracking technologies (pixels) in a privacy compliant manner under the Australian Privacy Law....more
The U.S. Department of Labor recently released new principles on the ethical use of artificial intelligence. Here are some of the things we are working on with employers and other clients, including tech developers....more
The United Kingdom’s Information Commissioner’s Office recently issued a report on Quantum technologies and data protection. What are we discussing with clients?...more
There have been some highly publicized privacy statement revisions. Here are some lessons we are discussing with clients:
•Regulators are putting a high value on transparency and they are looking specifically at privacy...more